I think you brought up a very good question
"if this is the right position for IPS to deploy?"
Here is my 3 cents (2 cents Inflation adjusted :)))
1. IPS on 16G and 10G is a classic compromise of Speed versus security. Speed
Security and cost is the three corners of triangle and you can choose only two
:).
2. 10 to 16 G worth of traffic makes the IDS/IPS as single point of faliure
which is really highrisk so you end up buying Hot standby module in any case
(even though IPS is fail Open).
3. Other issue is log management and containing the damage due to changes. Let
me explain this in bit detail. If you are upgrading the software on IPS, the
disruption due to changes will be for entire network,
4. Even if you want to deploy 16G/10G solution current products are not mature
enough to provide you peace of mind.
I think you should reassess your requirement and see if you are ok with
filtering network based attack at the Gateway or entry point and have more
protocol decode and similar solution nearer to the host. This will minimize the
impact on the infrastructure and in the long run it may prove more efficient
and effective.
So strongly request you to reassess your requirements.
Regards,
Vijay Upadhyaya
BS-7799 Lead Auditor
CISSP
CSGA
Nortel ASF Training Certification
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
